Search found 6185 matches

by scott
Fri Jun 11, 2021 9:01 am
Forum: OSSEC
Topic: Ossec Agent stays in Never connected state
Replies: 15
Views: 899

Re: Ossec Agent stays in Never connected state

Nothing like that, just that when you change the key you have to restart the agent, otherwise it's using the older key still. So next take a look in /var/ossec/etc/internal_options.conf and enable the debug settings for remoted. You can do the same on the agent side for agentd, and then see if the ou...
by scott
Thu Jun 10, 2021 4:29 pm
Forum: OSSEC
Topic: Ossec Agent stays in Never connected state
Replies: 15
Views: 899

Re: Ossec Agent stays in Never connected state

OK so at this point (correct me if any of these aren't validated)

1. Key: Probably OK, unless there's a transcribing error.
2. remoted is listening on port UDP 1514
3. agent traffic is confirmed to be reaching the server on UDP 1514

Never connected is a state you'd get only if initial session packet d...
by scott
Thu Jun 10, 2021 9:24 am
Forum: PHP Help and Discussion
Topic: PHP 5.6 end of support
Replies: 1
Views: 122

Re: PHP 5.6 end of support

So the SCL packaging system in RHEL/Rocky/CentOS allows multiple installations of PHP concurrently, so you could still have different options in the environment.

Otherwise PHP 5.4.x is maintained by Red Hat on RHEL/CentOS 7 until June 2024.
by scott
Wed Jun 09, 2021 4:22 pm
Forum: OSSEC
Topic: How do I connect OSSEC Server and Client together in Virtualbox?
Replies: 4
Views: 165

Re: How do I connect OSSEC Server and Client together in Virtualbox?

OK, that's good, it could be the key. A good way to provision those is to use the ossec-authd service on the server, and the agent-auth client from the agent. Otherwise you could manually do it using manage_agents.
by scott
Tue Jun 08, 2021 9:10 am
Forum: OSSEC
Topic: How do I connect OSSEC Server and Client together in Virtualbox?
Replies: 4
Views: 165

Re: How do I connect OSSEC Server and Client together in Virtualbox?

Yeah, I think by default VirtualBox doesn't let you communicate with the guest VM from the host system.
by scott
Fri Jun 04, 2021 10:50 am
Forum: Atomic OSSEC
Topic: OSSEC Agent specific port instead of random port
Replies: 6
Views: 653

Re: OSSEC Agent specific port instead of random port

That would only be able to control the dst port, the src port is something you have to control from the IP stack in the OS.
by scott
Tue Jun 01, 2021 2:55 pm
Forum: Atomic OSSEC
Topic: OSSEC Agent specific port instead of random port
Replies: 6
Views: 653

Re: OSSEC Agent specific port instead of random port

You can set the ephemeral port range in Linux with sysctl or /proc:

https://tldp.org/LDP/solrhe/Securing-Op ... sec70.html
by scott
Thu Jul 05, 2018 12:37 pm
Forum: Atomic Protector (formerly ASL)
Topic: ASL Web Errors
Replies: 28
Views: 15131

Re: ASL Web Errors

Interface just hasn't updated yet, give it a bit and that will go away.
by scott
Thu Jul 05, 2018 12:12 pm
Forum: Atomic Protector (formerly ASL)
Topic: ASL Web Errors
Replies: 28
Views: 15131

Re: ASL Web Errors

See if it's running with:

ps ax |grep ossec
by scott
Mon Jul 02, 2018 7:27 pm
Forum: Atomic Protector (formerly ASL)
Topic: ASL Web Errors
Replies: 28
Views: 15131

Re: ASL Web Errors

No, we haven't used that file in more than 5 years. What version of ossec are you running?
by scott
Mon Jun 25, 2018 1:37 pm
Forum: Atomic Protector (formerly ASL)
Topic: ASL Web Errors
Replies: 28
Views: 15131

Re: ASL Web Errors

Reset the FIM db with:

1)
rm -f /var/ossec/queue/syscheck/*

2)
service ossec-hids restart
by scott
Tue Apr 24, 2018 8:04 am
Forum: OpenVAS
Topic: Openvas scanner not working
Replies: 3
Views: 4857

Re: Openvas scanner not working

Try upgrading to the branch from the atomic repo, we just added Kali support yesterday:

wget -q -O - https://updates.atomicorp.com/installers/atomic | bash

then run openvas-setup
by scott
Thu Apr 19, 2018 5:08 pm
Forum: OpenVAS
Topic: Openvas 9 Released
Replies: 24
Views: 58206

Re: Openvas 9 Released

Ubuntu 16 and Kali linux packages are now also available in the atomic repo. These are still really early stage, so there are some rough edges to work out yet.

Please give them a shot, and let us know how they're working out!
by scott
Wed Mar 07, 2018 4:10 pm
Forum: Atomic Protector (formerly ASL)
Topic: Event 1002 - dominate event
Replies: 14
Views: 9833

Re: Event 1002 - dominate event

Are you in a position to try our testing builds?

yum --enablerepo=asl-4.0-testing upgrade ossec-hids
by scott
Tue Dec 05, 2017 5:42 pm
Forum: General Help and Development Discussion
Topic: Openvas install broken dependencies
Replies: 1
Views: 4983

Re: Openvas install broken dependencies

That gvm-tools package is planned for a newer release, on el7 it gets complicated because of the Python 3 dependencies. It's disabled in the EL7 (CentOS/RHEL) repos and active in the Fedora ones. The update on your platform is:

openvas-9.0.0-2796

All this is fixable on EL7, we just need to get some o...